Yes, a user was created. But no, the command does not put them in the admins group. The administrator credential was used to create the user account. Incidentally, the net user command syntax in the example is wrong. I use it constantly IRL. It should be "net user <username> <password> /add". And then add them to the local admins using "net localgroup administrators /add <username>"
The correct answer is C. New account introduced. The endpoint log entry shows two commands that were executed on a computer named “clientcomputer1” using administrator credentials. The first command queries the hostname of the computer, and the second command adds a new user “invoke_u1” to the computer. This indicates that a new account was introduced to the system, which could be a sign of malicious activity or beaconing
Multiple arguments could be had, the question doesn't say the commands were ran by an attacker. So, ignore the administrator credentials provided and take the parameter passed to ScriptBlock in the second command at face value. Just adding a user.
Correct
The endpoint log entry shows that a new account has been created on a Windows system with a local group membership of “Administrators”
https://operating-systems.wonderhowto.com/how-to/create-admin-user-account-using-cmd-prompt-windows-0125689/
https://lazyadmin.nl/it/net-user-command/#net-user-add-account
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
dave_delete_me
Highly Voted 8 months agochrys
Highly Voted 1 year, 3 months agoWaaHassan
Most Recent 11 months, 3 weeks agoLifeElevated
1 year agokmordalv
1 year, 3 months ago